Need help: problem with win 32.hidden.rtk

Closed
vince76 - 15 Dec 2008 at 06:00
 vince76 - 15 Jan 2009 at 16:12
Hello everyone,
I need your help, please. Spybot detects win32.hidden.rtk on my machine but is unable to remove it.

So the question is: what should I do?
For the record, I'm no computer expert, but I'm open to any advice...
Thanks in advance.
9 replies

Anonymous user
15 Dec 2008 at 06:07
===================FOR VISTA USERS=========================
=>< Disable "User Account Control = UAC"
(you will re-enable it after the disinfection): don't forget!!
Disabling UAC is necessary for certain programs to work under Vista.
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click on disable and confirm.

==>NOTE:
=><Before using any software, make sure that registry protections such as Spybot's Tea Timer are disabled (especially when using HijackThis)
Spybot => advanced mode => tools => resident
Uncheck the resident "Tea Timer" box

Close Spybot.

Download HijackThis:


here: HijackThis
or here: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here: https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-> Save the target to ... "the Desktop"

-> Double-click "HJTInstall.exe" to start the installation

-> Click Install, then "I Accept"

-> Click "Do a scan system and save log file"

-> Notepad will open; copy and paste its entire contents here in your next reply
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:36, on 15/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Program Files\Cyberlink\PowerCinema\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Acer\Acer VCM\acp2HID.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ArcadeDeluxeAgent] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LaunchList] D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658C2A15-A19E-42A7-84DA-E0BC08F2EE78}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
0
Anonymous user
15 Dec 2008 at 07:32
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
0
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz )
BIOS : InsydeH2O Version V1.04
USER : vincent ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:144 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:140 Go (Free:38 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 15/12/2008|10:52 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.orange.fr/portail"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://fr.yahoo.com/"
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Ah ! si j'avais.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Alone (avec Kent).mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Comme dit Verlaine.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Crac !.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Gudulle.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Jean-parle.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - L'échappé(e).mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - La boîte à joujoux.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Les amants.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Les tit'gueules.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Mes amis.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Photo de classe.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Plaie mobile.mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Trois fois rien (avec Kent).mp3
C:\Users\vincent\Music\Les Tit'Nassels\les tit'nassels crack!\Les Tit'Nassels - Un jour Prévert, une nuit Baudelaire.mp3


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 15/12/2008|10:53 - Option : [1]

-----------\\ Fin du rapport a 10:53:31,56
0
Anonymous user
15 Dec 2008 at 08:14
Run HijackThis again, check these lines and click "Fix checked":

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: BTTray.lnk = ?


---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text below:





:processes
explorer.exe

:Reg
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-


:files
c:\Program files\daemon tools toolbar\dttoolbar.dll

:Commands
[purity]
[emptytemp]
[Reboot]

---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log


Source: Chiquitine29.....................;-)


followed by another HijackThis log afterwards
0
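
The reply above picks out log entries whose target is gone ("(no file)", "(file missing)", "= ?"). As an added example (not part of the thread and not code from HijackThis or OTMoveIt3), here is one way to list such entries automatically, along with processes running from a Temp folder. The two rules and all function names are assumptions made for illustration, and the result is a review list, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A few lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Global Startup: Acer VCM.lnk = ?
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
"""

# "O2 - ...", "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Assumed rule: a process image under a Temp directory deserves a second look.
TEMP_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE)
# Markers HijackThis prints when the registered target cannot be resolved.
ORPHAN_SUFFIXES = ("(no file)", "(file missing)", "= ?")


@dataclass
class Finding:
    kind: str             # "orphan" or "temp-process"
    code: str             # HijackThis section code, or "PROC" for a process
    clsid: Optional[str]  # CLSID on the line, if any
    line: str             # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match one of the two review rules."""
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            in_processes = False
            body = entry.group("body")
            if body.endswith(ORPHAN_SUFFIXES):
                clsid = CLSID_RE.search(body)
                findings.append(Finding("orphan", entry.group("code"),
                                        clsid.group(0) if clsid else None, line))
        elif in_processes and TEMP_RE.search(line):
            findings.append(Finding("temp-process", "PROC", None, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.code}: {f.line}")
```
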

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
========== FILES ==========
File/Folder c:\Program files\daemon tools toolbar\dttoolbar.dll not found.
========== COMMANDS ==========
File delete failed. C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_112401

Files moved on Reboot...
C:\Users\vincent\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_001_ moved successfully.
C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_002_ moved successfully.
C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_003_ moved successfully.
C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\urlclassifier3.sqlite moved successfully.
C:\Users\vincent\AppData\Local\Mozilla\Firefox\Profiles\7gohj2y9.default\XUL.mfl moved successfully.
0
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658C2A15-A19E-42A7-84DA-E0BC08F2EE78}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
0
Anonymous user
15 Dec. 2008 at 09:09
ComboFix:

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).




Registry::
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-


file::
c:\program files\daemon tools toolbar\dttoolbar.dll




* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file as CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file, like this:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt
0
ComboFix 08-12-14.04 - vincent 2008-12-15 12:28:19.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3068.1539 [GMT 4:00]
Lancé depuis: C:\Users\vincent\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\vincent\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\daemon tools toolbar\dttoolbar.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
C:\ProgramData\vlc-0.9.6-win32.exe
C:\Windows\system32\FTPx.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-15 au 2008-12-15 ))))))))))))))))))))))))))))))))))))
.

2008-12-15 12:09 . 2008-12-15 12:10 <REP> d-------- C:\Program Files\The Cleaner Demo
2008-12-15 11:42 . 2008-12-15 11:43 114,168 --a------ C:\Windows\System32\GDIPFONTCACHEV1.DAT
2008-12-15 11:24 . 2008-12-15 11:24 <REP> d-------- C:\_OTMoveIt
2008-12-15 10:51 . 2008-12-15 10:53 <REP> d-------- C:\ToolBar SD
2008-12-15 10:23 . 2008-12-15 10:23 <REP> d-------- C:\Program Files\Trend Micro
2008-12-15 10:19 . 2008-12-15 10:19 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-12-12 08:19 . 2008-10-22 05:22 2,048 --a------ C:\Windows\System32\tzres.dll
2008-12-12 07:45 . 2008-12-12 10:34 335,780,933 --a------ C:\Windows\MEMORY.DMP
2008-12-11 23:11 . 2008-10-16 06:23 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-12-11 23:11 . 2008-10-16 08:47 827,392 --a------ C:\Windows\System32\wininet.dll
2008-12-11 23:10 . 2008-10-21 09:25 296,960 --a------ C:\Windows\System32\gdi32.dll
2008-12-11 23:07 . 2008-11-01 05:21 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-12-11 23:07 . 2008-11-01 07:44 28,672 --a------ C:\Windows\System32\Apphlpdm.dll
2008-12-11 23:06 . 2008-10-29 10:29 2,927,104 --a------ C:\Windows\explorer.exe
2008-12-11 22:55 . 2008-06-23 05:59 2,868,736 --a------ C:\Windows\System32\mf.dll
2008-12-11 22:55 . 2008-06-23 05:59 996,352 --a------ C:\Windows\System32\WMNetMgr.dll
2008-12-11 22:55 . 2008-06-23 05:58 94,720 --a------ C:\Windows\System32\logagent.exe
2008-12-10 12:16 . 2008-12-10 12:16 <REP> d--h-c--- C:\Users\All Users\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-12-10 12:16 . 2008-12-10 12:16 <REP> d--h-c--- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-12-10 11:39 . 2008-12-10 11:39 <REP> d-------- C:\Program Files\Electronic Arts
2008-12-10 11:39 . 2008-12-10 11:39 792 --a------ C:\Windows\System32\ealregsnapshot1.reg
2008-12-09 20:46 . 2008-12-09 20:46 <REP> d-------- C:\Users\vincent\AppData\Roaming\Sports Interactive
2008-12-09 20:46 . 2008-12-09 20:46 <REP> d-------- C:\Users\All Users\Sports Interactive
2008-12-09 20:46 . 2008-12-09 20:46 <REP> d-------- C:\ProgramData\Sports Interactive
2008-12-09 19:51 . 2008-12-09 19:56 <REP> d-------- C:\Program Files\Common Files\Steam
2008-12-09 19:50 . 2008-12-09 19:51 <REP> d--h----- C:\Program Files\Zero G Registry
2008-12-09 19:50 . 2008-12-09 19:50 <REP> d-------- C:\Program Files\Sports Interactive
2008-12-09 19:49 . 2008-12-09 19:49 <REP> d--h----- C:\Users\vincent\InstallAnywhere
2008-12-09 14:07 . 2008-12-15 10:56 <REP> d-------- C:\Program Files\Mozilla Firefox 3.1 Beta 2
2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\Users\All Users\Intel
2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\ProgramData\Intel
2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\Program Files\Common Files\Intel
2008-12-09 08:25 . 2008-12-09 08:25 <REP> d-------- C:\Program Files\Cisco
2008-12-09 08:20 . 2008-09-12 16:32 327,192 --a------ C:\Windows\System32\drivers\iaStor.sys
2008-12-09 08:11 . 2008-12-09 08:11 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-12-09 08:10 . 2008-12-09 08:11 <REP> d-------- C:\Users\vincent\AppData\Roaming\SystemRequirementsLab
2008-12-09 07:49 . 2008-12-09 07:50 <REP> d-------- C:\Users\All Users\ma-config.com
2008-12-09 07:49 . 2008-12-09 07:50 <REP> d-------- C:\ProgramData\ma-config.com
2008-12-09 07:49 . 2008-12-09 07:50 <REP> d-------- C:\Program Files\ma-config.com
2008-12-08 11:40 . 2008-12-08 11:40 134,832 --ah----- C:\Windows\System32\mlfcache.dat
2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\Users\All Users\Diskeeper Corporation
2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\ProgramData\Diskeeper Corporation
2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\Program Files\Diskeeper Corporation
2008-12-05 23:11 . 2008-12-05 23:11 <REP> d-------- C:\Program Files\Common Files\Diskeeper Corporation
2008-12-05 23:07 . 2008-12-05 23:10 <REP> d-------- C:\Users\All Users\Lavasoft
2008-12-05 23:07 . 2008-12-05 23:10 <REP> d-------- C:\ProgramData\Lavasoft
2008-12-05 23:07 . 2008-12-05 23:07 <REP> d-------- C:\Program Files\Lavasoft
2008-12-05 23:05 . 2008-12-05 23:05 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-05 22:58 . 2008-12-06 11:00 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-12-05 22:58 . 2008-12-06 11:00 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-12-05 22:58 . 2008-12-06 10:59 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-12-05 22:56 . 2008-12-05 22:56 <REP> d-------- C:\Program Files\ToniArts
2008-12-03 16:08 . 2008-12-03 16:08 <REP> d-------- C:\Users\All Users\Avira
2008-12-03 16:08 . 2008-12-03 16:08 <REP> d-------- C:\ProgramData\Avira
2008-12-03 16:08 . 2008-12-03 16:08 <REP> d-------- C:\Program Files\Avira
2008-12-03 02:00 . 2008-12-15 09:59 <REP> d-------- C:\Users\vincent\AppData\Roaming\skypePM
2008-12-03 01:58 . 2008-12-15 12:18 <REP> d-------- C:\Users\vincent\AppData\Roaming\Skype
2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\Users\All Users\Skype
2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\ProgramData\Skype
2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\Program Files\Skype
2008-12-03 01:57 . 2008-12-03 01:57 <REP> d-------- C:\Program Files\Common Files\Skype
2008-12-01 18:23 . 2008-10-17 01:13 1,809,944 --a------ C:\Windows\System32\wuaueng.dll
2008-12-01 18:23 . 2008-10-17 00:56 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-12-01 18:23 . 2008-10-17 01:09 51,224 --a------ C:\Windows\System32\wuauclt.exe
2008-12-01 18:23 . 2008-10-17 01:09 43,544 --a------ C:\Windows\System32\wups2.dll
2008-12-01 18:22 . 2008-10-17 01:12 561,688 --a------ C:\Windows\System32\wuapi.dll
2008-12-01 18:22 . 2008-10-16 17:08 162,064 --a------ C:\Windows\System32\wuwebv.dll
2008-12-01 18:22 . 2008-10-17 00:55 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-12-01 18:22 . 2008-10-17 01:08 34,328 --a------ C:\Windows\System32\wups.dll
2008-12-01 18:22 . 2008-10-16 16:56 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-12-01 15:03 . 2008-12-01 15:03 168 --a------ C:\Windows\adidsl.ini
2008-12-01 15:03 . 2008-12-01 15:03 21 --a------ C:\Windows\Fast800.ini
2008-12-01 15:01 . 2008-12-01 15:01 <REP> d-------- C:\Program Files\SAGEM
2008-12-01 15:01 . 2004-01-07 11:29 261,964 --a------ C:\Windows\System32\drivers\rtbldep3.bnm
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-11-30 21:07 . 2008-11-30 21:07 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-11-30 15:36 . 2008-11-30 15:36 <REP> d-------- C:\Program Files\Pinnacle
2008-11-30 15:35 . 2002-07-26 20:02 153,088 --a------ C:\Program Files\UNWISE.EXE
2008-11-30 15:33 . 2008-11-30 15:33 <REP> d-------- C:\Program Files\SureThing Express Labeler
2008-11-30 15:33 . 2008-11-30 15:33 <REP> d-------- C:\Program Files\Common Files\SureThing Shared
2008-11-30 15:31 . 2008-11-30 15:31 <REP> d-------- C:\Program Files\proDAD
2008-11-29 16:14 . 2005-02-03 12:51 225,280 --a------ C:\Windows\OptChecker.exe
2008-11-29 16:14 . 2005-02-03 12:51 159,744 --a------ C:\Windows\OptRemove.exe
2008-11-29 16:12 . 2008-11-29 16:12 <REP> d-------- C:\Securitoo
2008-11-29 12:19 . 2008-11-29 12:19 <REP> d-------- C:\Program Files\Steinberg
2008-11-29 12:19 . 2008-11-29 12:19 <REP> d-------- C:\Program Files\Common Files\digidesign
2008-11-27 19:51 . 2008-12-01 15:03 989 --a------ C:\Windows\adiras.ini
2008-11-27 19:16 . 2008-10-21 09:25 1,645,568 --a------ C:\Windows\System32\connect.dll
2008-11-27 19:16 . 2008-08-28 07:40 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll
2008-11-27 19:16 . 2008-08-28 07:40 425,472 --a------ C:\Windows\System32\PhotoMetadataHandler.dll
2008-11-27 19:16 . 2008-08-28 07:40 347,136 --a------ C:\Windows\System32\WindowsCodecsExt.dll
2008-11-27 19:16 . 2008-10-22 07:57 241,152 --a------ C:\Windows\System32\PortableDeviceApi.dll
2008-11-26 20:16 . 2008-11-26 20:16 <REP> d-------- C:\Crack NoCd Overclocked
2008-11-26 16:48 . 2008-11-26 16:48 <REP> d-------- C:\Program Files\Wanadoo
2008-11-26 16:48 . 2008-11-26 16:48 109 --a------ C:\Windows\Kit.ini
2008-11-25 14:15 . 2008-11-25 14:15 <REP> d-------- C:\MyVideos
2008-11-20 19:09 . 2008-11-20 19:09 279,712 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-11-20 19:09 . 2008-11-20 19:09 25,888 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-11-20 19:07 . 2005-05-26 18:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-11-20 18:14 . 2007-07-19 21:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-11-20 18:14 . 2007-05-16 19:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-11-20 18:14 . 2007-07-19 21:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-11-20 18:14 . 2007-05-16 19:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-11-20 18:14 . 2008-11-20 18:14 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-11-20 18:14 . 2007-07-19 21:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-11-20 18:14 . 2007-05-16 19:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-11-20 18:14 . 2007-04-04 21:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-11-19 15:14 . 2008-11-10 08:43 410,984 --a------ C:\Windows\System32\deploytk.dll
2008-11-19 14:34 . 2008-09-10 07:40 1,334,272 --a------ C:\Windows\System32\msxml6.dll
2008-11-19 14:34 . 2008-09-05 09:14 1,191,936 --a------ C:\Windows\System32\msxml3.dll
2008-11-19 14:34 . 2008-08-27 05:05 212,480 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-11-18 18:44 . 2008-11-25 18:21 <REP> dr------- C:\Users\Public\Videos
2008-11-18 18:44 . 2008-11-20 16:07 <REP> dr------- C:\Users\Public\Pictures
2008-11-18 18:44 . 2008-11-25 18:21 <REP> dr------- C:\Users\Public\Music
2008-11-15 15:06 . 2008-12-15 11:43 <REP> dr------- C:\Users\Public\Recorded TV

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 06:18 28,029 ----a-w C:\Users\All Users\nvModes.dat
2008-12-15 06:18 28,029 ----a-w C:\ProgramData\nvModes.dat
2008-12-12 06:34 --------- d-----w C:\Program Files\Windows Mail
2008-12-12 04:25 --------- d-----w C:\ProgramData\Microsoft Help
2008-12-10 08:17 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-12-09 16:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-12-05 18:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-12-03 18:19 --------- d-----w C:\Program Files\Java
2008-12-01 11:03 32 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-12-01 10:14 --------- d-----w C:\Users\vincent\AppData\Roaming\U3
2008-11-30 17:30 --------- d-----w C:\Program Files\Microsoft Games
2008-11-30 10:16 --------- d-----w C:\Program Files\Windows Live
2008-11-30 10:14 --------- d-s---w C:\ProgramData\WD
2008-11-29 08:19 --------- d-----w C:\Program Files\BIAS
2008-11-27 15:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-11-20 14:15 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:15 22,328 ----a-w C:\Users\vincent\AppData\Roaming\PnkBstrK.sys
2008-11-20 14:15 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-11-20 14:14 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-11-20 11:48 --------- d-----w C:\ProgramData\eMule
2008-11-15 12:23 --------- d-----w C:\Users\vincent\AppData\Roaming\dvdcss
2008-11-13 16:36 --------- d-----w C:\Program Files\Google
2008-11-13 16:36 --------- d-----w C:\Program Files\Brother
2008-11-11 10:38 --------- d-----w C:\Program Files\Yahoo!
2008-11-10 07:48 --------- d-----w C:\Program Files\Nuance
2008-11-10 07:46 --------- d-----w C:\ProgramData\Brother
2008-11-10 07:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-11-01 03:44 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-10-29 06:53 --------- d-----w C:\ProgramData\WLInstaller
2008-10-26 22:18 --------- d-----w C:\Program Files\Picasa2
2008-10-26 21:13 --------- d-s---w C:\ProgramData\Memeo
2008-10-26 21:06 --------- d-----w C:\ProgramData\InstallShield
2008-10-26 21:06 --------- d-----w C:\ProgramData\eSellerate
2008-10-26 21:06 --------- d-----w C:\Program Files\Memeo
2008-10-26 17:53 --------- d-----w C:\Users\vincent\AppData\Roaming\proDAD
2008-10-23 19:24 --------- d-----w C:\Users\vincent\AppData\Roaming\Creative
2008-10-23 18:52 --------- d-----w C:\Program Files\Creative
2008-10-23 18:51 --------- d-----w C:\ProgramData\Creative
2008-10-23 18:51 --------- d-----w C:\Program Files\Audible
2008-10-23 18:50 --------- d--h--w C:\ProgramData\{549E12A2-AFC9-415A-8917-B8D197926D0C}
2008-10-23 18:49 --------- d--h--w C:\ProgramData\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}
2008-10-23 18:44 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-10-21 06:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-19 09:59 --------- d-----w C:\ProgramData\Pinnacle Studio
2008-10-19 09:58 --------- d-----w C:\ProgramData\Pinnacle
2008-10-18 21:59 --------- d-----w C:\Users\vincent\AppData\Roaming\Leadertech
2008-10-09 19:45 444,952 ----a-w C:\Windows\System32\wrap_oal.dll
2008-10-09 19:45 109,080 ----a-w C:\Windows\System32\OpenAL32.dll
2008-10-04 19:40 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-10-02 10:12 774,144 ----a-w C:\Windows\System32\wlihvui.dll
2008-10-02 10:07 987,136 ----a-w C:\Windows\System32\iwmssvc.dll
2008-09-30 15:43 1,286,152 ----a-w C:\Windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w C:\Windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w C:\Windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w C:\Windows\System32\win32k.sys
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
2008-10-25 10:04 135,680 ----a-w C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-06 12:51 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-09-06 12:51 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-09-06 12:51 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 02:38 121392 --a------ C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 06:23 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 06:25 125952]
"LaunchList"="D:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 17:41 145496]
"SoftAuto.exe"="C:\Program Files\Creative\Software Update 3\SoftAuto.exe" [2008-05-28 06:39 401408]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 20:34 213936]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-11-18 19:31 21633320]
"Steam"="D:\Program Files\Steam\Steam.exe" [2008-12-09 19:52 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 17:01 182808]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-04 13:26 1037608]
"ePower_DMC"="C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 13:22 409600]
"eDataSecurity Loader"="C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 02:38 526896]
"eAudio"="C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 06:36 544768]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 01:42 34040]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-06-28 05:45 13543968]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-06-28 05:45 92704]
"ZPdtWzdVitaKey MC3000"="C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-07-29 21:34 3719680]
"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 12:56 200704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2008-06-16 13:58 809480]
"ArcadeDeluxeAgent"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-13 00:10 147456]
"CLMLServer"="C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-13 00:11 167936]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 19:28 167936]
"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 11:03 303104]
"EPGServiceTool"="C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe" [2008-04-17 20:20 688128]
"PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2007-08-11 01:04 151552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 09:00 33648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-25 14:04 1838592]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 04:04 39792]
"USBToolTip"="D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 16:50 202312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 16:28 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-11-10 08:43 136600]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 12:19 6139904 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 05:23 443968]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2008-07-29 21:57:13 1216512]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-24 20:50:32 723760]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-01 15:02:02 1214032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-07-29 21:34 3162624 C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{68C187EE-4A20-44E8-A550-26DE193D4ACD}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B6E5144E-A35A-47D4-9351-5D1518326EAC}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{FB95C4B3-478C-4028-9B06-40ED0629356D}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{AB9725C8-1EE6-4407-80F5-AABEBE27272F}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{00C88B8B-BA66-46A6-A171-7AFEE52DBEF0}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E87C3E3F-9E50-4378-8B2A-911C50ACBA85}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{2919572F-C35F-46EC-A0A8-B90A05300DFC}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{01FE26FB-62CE-4612-A3BE-9FD62D21A795}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{681C8A7D-605E-434F-8AE0-34900DF662A3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7CA0AD01-7EE0-4733-A4DF-3B3658EC2549}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E59C0E0F-4858-43D3-A7E2-269F5D94E260}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{2899EA9A-BEF2-4433-8219-52A67021932C}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe:Acer Play Movie
"{BD7CADB7-C6E7-4FAD-B090-4BF6471BA9EC}"= C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe:Acer Play Movie Resident Program
"{851D172A-EA9B-412E-9E0B-28374EBDBECF}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:Acer HomeMedia
"{D96E9C10-0D27-4D03-B640-42F13627DC6C}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{17436CDD-F01E-4787-A842-9606E4668536}"= C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{3632CFC8-18DD-4806-8983-1AA596AFF61A}"= C:\Program Files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{9DF4B097-5B8C-4D8F-8A64-335314A8FEC9}"= C:\Program Files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{4D5EC159-9009-4A0F-823B-09F8413985F2}"= C:\Program Files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{38382F66-91E5-483E-A88B-F1167B13A671}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5175A554-6C36-4EE2-880B-392D221B0DD1}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DFF49DC1-5FA2-4874-8BA5-9A77B1D11DC2}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4E90BEF6-CAEA-43B7-89A5-69F2676B9488}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{144597E9-9F78-406B-A297-43E8776ADBF3}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{A9290816-5188-4A33-A136-90ABF425D8D5}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{7117DB80-36E8-4821-B169-54FC04A2E601}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{857D521B-1E63-4B76-A194-A7368C4B015D}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{AF49F125-FD24-47AA-BA5D-C7D3F8A5E08A}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{F45257AD-5DD9-4617-AAC6-E68652874FA1}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{63A6B432-F58D-489E-B43C-B956D1B66C5B}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{F92F0AA0-9CC2-4645-9DBA-DDBBD822744F}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{311B57DF-BD87-4BE0-A4BD-6593EF281726}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{37EE5946-854D-40BF-8492-1901A412445F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D5605787-EB49-4E56-A248-88CB710AEAF4}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{78AE170B-5E45-4A74-BBF0-A04CD503429F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{62F39C8D-A97B-4A67-8388-9F21622A670D}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{E94516C4-1F6C-42D7-94FA-9F9455A1D832}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars(TM)
"{1BA9CBEE-448C-4F31-A26C-1643CCB74C7E}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{57780D14-E669-4324-9B3E-260CE698225A}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"TCP Query User{4D685217-1FAE-4888-8BA6-CAF029E712B7}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{B1403E8A-071C-48D4-8E0F-E9F01275A7C6}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{666AD78D-39BC-4941-A268-5161BCF8914C}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{E657E954-BF01-4765-BDF2-9B2A2729BD7C}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{45780548-254D-46D0-9A06-307E99F25DB5}"= UDP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{79640360-4671-42F1-9873-5AD308486241}"= TCP:D:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"TCP Query User{9EF2F61C-9929-49D6-98FE-AFCBEA221D68}D:\\enemy territory\\setup\\data\\etqw.exe"= UDP:D:\enemy territory\setup\data\etqw.exe:Enemy Territory: QUAKE Wars
"UDP Query User{B916D3BD-7240-4888-9832-EC1B7B2DA3D8}D:\\enemy territory\\setup\\data\\etqw.exe"= TCP:D:\enemy territory\setup\data\etqw.exe:Enemy Territory: QUAKE Wars
"{10C529C0-44E4-4592-9829-D34BBC2D4E78}"= UDP:D:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{D91426F8-B20C-4555-813E-DFA5CA6AB5FC}"= TCP:D:\Program Files\Codemasters\GRID\GRID.exe:GRID
"{4B45046F-CFD9-4E65-8995-8C0DD0A23EBE}"= UDP:C:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
"{1CAB1469-27F4-4408-86D1-6333E65E3C94}"= TCP:C:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
"{6E753807-D6ED-4E50-A14D-AC6EA5636788}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{5C14ECCF-A247-4DD0-BF99-8E53F70606FD}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{4034349A-70F7-4019-89D0-FB6540E45BD0}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{96A3D2CF-7894-4555-AC29-5F83F5006E99}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{023CB726-10CB-4C38-A244-52A43DB35078}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{252E316B-F8D7-488D-8C92-42795693AE69}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{8356EF30-24EA-4D65-A4E8-C20A68023190}"= UDP:D:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{CD0123BC-D732-453B-8639-294AF3C872F6}"= TCP:D:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"TCP Query User{B777E5C1-839B-4EBA-9AA0-D8EECE342802}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{C7D75F8D-697B-4875-B11F-540BCCD47CE6}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{6D92EAA2-9479-4B3F-9EFA-FC661FEA026D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50025100-3422-42CE-AE1C-95190459AB21}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{59ECDE92-791F-47DB-91D5-9CB6E1E5A139}"= UDP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{224249B5-225F-4DFC-8D20-1F66233EDAC5}"= TCP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)
"{12A62F50-14F6-432B-B0CE-1AE1DDB12DA3}"= UDP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"{DE1C4950-CF1F-47B8-8464-9766C8FE34F1}"= TCP:C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)
"TCP Query User{8B2DF5F6-09DD-44AC-8DC0-CCC0DCF90FE9}D:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{30B304EA-058C-4ACE-9DDB-CCFE4F829ABF}D:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"{36CFA520-FBC5-4C37-9AF3-F076142237AD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B99C02C9-E0C7-4914-AC92-585CFF0B5694}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{82FC51D6-335C-4B76-A372-EE5220FFE88E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7782D913-B7C8-4900-8F7C-64D6A40D83C4}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADFC0B02-4FA9-4530-9DA5-AFD07C2E3A01}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C6C13B81-A2B7-473A-9FB2-21728F88AD43}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{B92FCB5C-906C-4A5B-B2EF-18FE828B0FE9}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{2DA5F21B-76B2-4B11-AE78-BDF3B5E1A5FC}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{6E2AB6A9-556A-41BA-B226-6BE42875D6B5}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{F3AC364A-B1C9-4B0D-A7F7-E87929866464}D:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{35151442-1685-4C1A-8058-6DADB0F21EFB}D:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:D:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"{EBD38F4C-E58A-4AEA-9927-7B51539D5501}"= UDP:D:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009
"{0BD2E89B-1C6D-4E45-88C8-675F19151A8B}"= TCP:D:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:Football Manager 2009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

R0 AlfaFF;AlfaFF File System mini-filter;C:\Windows\system32\Drivers\AlfaFF.sys [2008-07-29 21:34:42 43184]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};\??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-29 21:54:11 61424]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;"C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" [2008-03-03 16:11:14 16384]
R2 CLHNService;CLHNService;C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-07-29 21:56:00 81504]
R2 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2008-08-31 21:40:21 436224]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2001-01-08 14:14:45 24576]
R2 IGBASVC;iGroupTec Service;C:\Program Files\Acer\Acer Bio Protection\BASVC.exe [2008-07-29 21:34:46 3520512]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 01:42:24 50424]
R2 NTIPPKernel;NTIPPKernel;\??\C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-07-29 21:56:01 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 06:03:14 131072]
R2 RS_Service;Raw Socket Service;C:\Program Files\Acer\Acer VCM\RS_Service.exe [2008-07-29 21:57:16 233472]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\system32\vfsFPService.exe [2008-05-26 07:43:58 599344]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\Windows\system32\DRIVERS\e4usbaw.sys [2008-12-01 15:02:02 104344]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys [2008-07-29 21:41:25 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1E60x86.sys [2008-09-23 19:15:00 48128]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 10:37:40 3666432]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda32v.sys [2008-07-09 15:26:16 43040]
R3 vfs101x;vfs101x;C:\Windows\system32\drivers\vfs101x.sys [2008-05-26 07:44:14 40752]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\Windows\system32\Drivers\e4ldr.sys [2008-12-01 15:02:01 69656]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 15:42:56 64000]
S3 hcw66xxx;WinTV HVR-900H;C:\Windows\system32\Drivers\hcw66xxx.sys [2008-08-31 21:26:38 418304]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2001-01-08 14:14:10 85136]
S3 maconfservice;Ma-Config Service;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-11-17 11:05:32 195752]
S4 AutoSyncService;Memeo AutoSync service;"C:\Program Files\Memeo\AutoSync\MemeoService.exe" [2007-07-06 20:28:44 31768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34ad80ce-7dd3-11dd-a55a-00a0d1a94401}]
\shell\AutoRun\command - E:\setup.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)
0
win32.rtk is still present, I need help... Please. Thanks in advance.
vince76
0